diff options
author | F. Jason Park <jp@neverwas.me> | 2022-11-24 21:03:03 -0800 |
---|---|---|
committer | F. Jason Park <jp@neverwas.me> | 2022-11-25 05:37:01 -0800 |
commit | 3d02c8aabfde88219dd8b6053a59de261308bc2f (patch) | |
tree | 7720ff6524d15f2231319bbacc3f6bf9362b0e52 | |
parent | 94a8a8c4fef074f445d316000070c95f0452586e (diff) | |
download | emacs-3d02c8aabfde88219dd8b6053a59de261308bc2f.tar.gz |
Disable auth-source-pass-extra-query-keywords by default
* doc/misc/auth.texi: Mention subdomain matching in
`auth-source-pass-extra-query-keywords' section.
* etc/NEWS: Mention the loss of traditional auth-source-pass features
when `auth-source-pass-extra-query-keywords' is enabled.
* lisp/auth-source-pass (auth-source-pass-extra-query-keywords): Set
default to nil. Mention domain matching in doc string.
(auth-source-pass--match-regexp): Allow username to contain "@".
* lisp/erc/erc-compat.el:
(erc-compat--29-auth-source-pass--retrieve-parsed): Adjust regexp.
* test/lisp/auth-source-pass-tests.el
(auth-source-pass-extra-query-keywords--suffixed-user): make plain
username more email-like.
(Bug#58985.)
-rw-r--r-- | doc/misc/auth.texi | 11 | ||||
-rw-r--r-- | etc/NEWS | 3 | ||||
-rw-r--r-- | lisp/auth-source-pass.el | 9 | ||||
-rw-r--r-- | lisp/erc/erc-compat.el | 2 | ||||
-rw-r--r-- | test/lisp/auth-source-pass-tests.el | 24 |
5 files changed, 26 insertions, 23 deletions
diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 872e5f88f55..83728be0a54 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi @@ -560,11 +560,12 @@ favors the @samp{rms@@gnu.org.gpg} form for usernames over the param was provided. In general, if you prefer idiosyncrasies traditionally exhibited by -this backend, such as prioritizing field count in a filename, try -setting this option to @code{nil}. But, if you experience problems -predicting the outcome of searches relative to other auth-source -backends or encounter code expecting to query multiple backends -uniformly, try flipping it back to @code{t} (the default). +this backend, such as prioritizing field count in a filename or +matching against subdomain labels, keep this option set to @code{nil} +(the default). But, if you experience problems predicting the outcome +of searches relative to other auth-source backends or encounter code +expecting to query multiple backends uniformly, try flipping it to +@code{t}. @end defvar @node Help for developers @@ -1410,7 +1410,8 @@ database stored on disk. *** New user option 'auth-source-pass-extra-query-keywords'. Whether to recognize additional keyword params, like ':max' and ':require', as well as accept lists of query terms paired with -applicable keywords. +applicable keywords. This disables most known behavioral quirks +unique to auth-source-pass, such as wildcard subdomain matching. ** Dired diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index dc274843e10..74d38084480 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -55,12 +55,13 @@ :type 'string :version "27.1") -(defcustom auth-source-pass-extra-query-keywords t +(defcustom auth-source-pass-extra-query-keywords nil "Whether to consider additional keywords when performing a query. Specifically, when the value is t, recognize the `:max' and `:require' keywords and accept lists of query parameters for -certain keywords, such as `:host' and `:user'. Also, wrap all -returned secrets in a function and forgo any further results +certain keywords, such as `:host' and `:user'. Beyond that, wrap +all returned secrets in a function and don't bother considering +subdomains when matching hosts. Also, forgo any further results filtering unless given an applicable `:require' argument. When this option is nil, do none of that, and enact the narrowing behavior described toward the bottom of the Info node `(auth) The @@ -110,7 +111,7 @@ HOSTS can be a string or a list of strings." (defun auth-source-pass--match-regexp (s) (rx-to-string ; autoloaded `(: (or bot "/") - (or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@") + (or (: (? (group-n 20 (+ (not (in ?\ ?/ ,s)))) "@") (group-n 10 (+ (not (in ?\ ?/ ?@ ,s)))) (? ,s (group-n 30 (+ (not (in ?\ ?/ ,s)))))) (: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s)))) diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 66a9a615e32..abbaafcd936 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -176,7 +176,7 @@ If START or END is negative, it counts from the end." ;; This hard codes `auth-source-pass-port-separator' to ":" (defun erc-compat--29-auth-source-pass--retrieve-parsed (seen e port-number-p) (when (string-match (rx (or bot "/") - (or (: (? (group-n 20 (+ (not (in " /@")))) "@") + (or (: (? (group-n 20 (+ (not (in " /:")))) "@") (group-n 10 (+ (not (in " /:@")))) (? ":" (group-n 30 (+ (not (in " /:")))))) (: (group-n 11 (+ (not (in " /:@")))) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 6e6671efca5..1107e09b51b 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el @@ -697,29 +697,29 @@ machine Libera.Chat password b ;; with slightly more realistic and less legible values. (ert-deftest auth-source-pass-extra-query-keywords--suffixed-user () - (let ((store (sort (copy-sequence '(("x.com:42/bar" (secret . "a")) - ("bar@x.com" (secret . "b")) + (let ((store (sort (copy-sequence '(("x.com:42/b@r" (secret . "a")) + ("b@r@x.com" (secret . "b")) ("x.com" (secret . "?")) - ("bar@y.org" (secret . "c")) + ("b@r@y.org" (secret . "c")) ("fake.com" (secret . "?")) - ("fake.com/bar" (secret . "d")) - ("y.org/bar" (secret . "?")) - ("bar@fake.com" (secret . "e")))) + ("fake.com/b@r" (secret . "d")) + ("y.org/b@r" (secret . "?")) + ("b@r@fake.com" (secret . "e")))) (lambda (&rest _) (zerop (random 2)))))) (auth-source-pass--with-store store (auth-source-pass-enable) (let* ((auth-source-pass-extra-query-keywords t) (results (auth-source-search :host '("x.com" "fake.com" "y.org") - :user "bar" + :user "b@r" :require '(:user) :max 5))) (dolist (result results) (setf (plist-get result :secret) (auth-info-password result))) (should (equal results - '((:host "x.com" :user "bar" :secret "b") - (:host "x.com" :user "bar" :port "42" :secret "a") - (:host "fake.com" :user "bar" :secret "e") - (:host "fake.com" :user "bar" :secret "d") - (:host "y.org" :user "bar" :secret "c")))))))) + '((:host "x.com" :user "b@r" :secret "b") + (:host "x.com" :user "b@r" :port "42" :secret "a") + (:host "fake.com" :user "b@r" :secret "e") + (:host "fake.com" :user "b@r" :secret "d") + (:host "y.org" :user "b@r" :secret "c")))))))) ;; This is a more distilled version of `suffixed-user', above. It ;; better illustrates that search order takes precedence over "/user" |